Results 1 to 6 of 6

Thread: IndexU is not safe?

  1. 02-10-2006, 07:00 PM #1
    shadow_boi
    shadow_boi is offline Registered User
    Join Date
    Feb 2006
    Posts
    3

    Default IndexU is not safe?

    Today I saw so couple sites which are powered by indexU are infaced.

    Defaced by D.O.M & Garzt3

    [Hey! Just Remember Jesus Love You!]


    http://search.yahoo.com/search?p=%22...100&fl=0&x=wrt

    Here are some

    http://link.king-zone.com/browse-%B9c%C0%B8-35-1.html
    http://www.bestamericandentists.com/..._dentists.html
    http://www.dein-pirmasens.de/bad_link.php?id=607
    http://www.dein-pirmasens.de/bad_link.php?id=607

    seems like, if you makes you theme files to 755, you will get risk.

    infaced http://www.zone-h.org/en/en/defaceme...defacer=D.O.M/
  2. 02-12-2006, 04:07 PM #2
    RIChristianscom
    RIChristianscom is offline Registered User
    Join Date
    Mar 2005
    Posts
    38

    Default

    Two days pass and this huge security risk goes unanswered???
  3. 02-12-2006, 04:45 PM #3
    dody
    dody is offline Administrator
    Join Date
    Aug 2001
    Location
    Indonesia
    Posts
    3,732

    Default

    We're investigating this issue and will post here as soon as we get where the security hole is occur. Please remember that since it's shared hosting, the hole may comes from many way
    www.nicecoder.com
    www.indexu.net
    www.dodyrw.com
  4. 02-23-2006, 04:30 PM #4
    bbauman
    bbauman is offline Registered User
    Join Date
    Feb 2006
    Posts
    1

    Default

    Any update on this?
  5. 04-12-2006, 09:14 PM #5
    retrolyte
    retrolyte is offline Registered User
    Join Date
    Dec 2005
    Location
    Oslo, Norway
    Posts
    16

    Default Yes, Very Unsafe, Beware!!!!!

    Well I'm here cause 2 of my indexu directories got hacked today . One was just totally deleted and another someone uploaded some phishing script to the upload_files directory. So I went in and deleted every site running indexu 5.01. If you run indexu there is a pretty big risk of your sites being hacked as when you install the script you have to set permissions to 777 on multiple files and folders which just invite hackers to come hack your sites.

    Shadow_boi, funny you put up that link to the yahoo search. In that list I found links to a bunch of my sites because I installed indexu and hadn't taken time to update the templates yet, so yeah hackers just need to search for "indexu" and they can pretty much find all the sites they can hack very easily.

    This is a huge problem with indexu.

    Is there a way to secure indexu and have it still work? I don't know. I know the support for this script is poor to nill so I couldn't imagine this getting fixed soon if ever.

    At this point I'm considering building or rebuilding all my sites in the old fashioned static html so I don't have to worry about hackers anymore. It's really sad some people don't have better things to do in the world besides defacing other peoples property.

    Anyway, if you are thinking about using indexu, you've been warned.

    Peace,

    Jeff
  6. 04-13-2006, 12:22 AM #6
    dody
    dody is offline Administrator
    Join Date
    Aug 2001
    Location
    Indonesia
    Posts
    3,732

    Default

    There's security problem in 5.0.1 and it has been fixed. All 5.0.x users, please update to the latest version.

    If you do not want to upgrade, please login to client area and apply the patch for 5.0.1
    www.nicecoder.com
    www.indexu.net
    www.dodyrw.com
« Previous Thread | Next Thread »

Similar Threads

  1. Safe Mode
    By onlinegamblin in forum v5.x
    Replies: 2
    Last Post: 11-06-2005, 03:47 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules